knowledge-locator

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a potential surface for indirect prompt injection: it retrieves and searches data from memory palaces and PR review chambers, which may contain untrusted content from external contributors.
    • Ingestion points: Memory palaces and project review chamber rooms (SKILL.md).
    • Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the retrieved data.
    • Capability inventory: The skill executes shell commands via python scripts/palace_manager.py to search and list data from the palaces (SKILL.md).
    • Sanitization: There is no evidence of sanitization or escaping mechanisms for retrieved content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:26 PM